Blind SQL Injection in TryHackMe's "Sticker Shop" CTF: A Detailed Writeup Blind SQL Injection, TryHackMe, Sticker Shop CTF, web application security, ethical hacking, SQL injection vulnerability, feedback form exploitation, penetration testing, cybersecurity writeup

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

The post provides a walkthrough of the THM Sticker Shop challenge, which involves exploiting a Blind XSS vulnerability to obtain a flag. The feedback form in the web application is vulnerable, allowing the attacker to inject malicious JavaScript that retrieves and exfiltrates sensitive data to an external server. The post details the reconnaissance process, exploitation techniques, and the payload used to capture the flag, highlighting the importance of secure coding practices and practical web security measures.

THM Sticker Shop Walkthrough